[Secure-testing-commits] r12119 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Jun 13 18:54:49 UTC 2009


Author: derevko-guest
Date: 2009-06-13 18:54:46 +0000 (Sat, 13 Jun 2009)
New Revision: 12119

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-1904 fixed with ruby1.8 1.8.7.173-1
- CVE-2008-5515: added bug reference


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-13 15:09:16 UTC (rev 12118)
+++ data/CVE/list	2009-06-13 18:54:46 UTC (rev 12119)
@@ -3,13 +3,13 @@
 	[etch] - git-core <not-affected> (Vulnerable code not present)
 	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
 CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount ...)
-	TODO: check
+	NOT-FOR-US: OpenSolaris
 CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification ...)
-	TODO: check
+	NOT-FOR-US: IBM OS/400
 CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2009-XXXX [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
 	- kfreebsd-6 <removed>
 	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
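Review bot: the CVE-2009-2028 line is tagged `NOT-FOR-US: Adobe`, which names only the vendor, while the other three tags added in this hunk name the product or OS (OpenSolaris, IBM OS/400, Sun Solaris). The description names Adobe Reader 7 and Acrobat 7, so a tag such as `NOT-FOR-US: Adobe Reader and Acrobat` would keep the entry searchable by product.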
@@ -307,7 +307,9 @@
 CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
 	NOT-FOR-US: IBM DB2
 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
-	TODO: check
+	- ruby1.8 1.8.7.173-1 (bug #532689)
+	- ruby1.9 <not-affected>
+	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
 CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
 	- libapache-mod-security 2.5.9-1 
 CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...)
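Review bot: the added `- ruby1.9 <not-affected>` line for CVE-2009-1904 gives no reason, unlike the `<not-affected> (Vulnerable code not present)` form used for git-core near the top of this file. The visible part of the description lists only 1.8.6 and 1.8.7, so a short parenthetical stating why 1.9 is excluded would let a later reader check the claim without rereading the advisory in the NOTE line.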
@@ -753,7 +755,7 @@
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
-	TODO: check
+	NOT-FOR-US: CFNetwork in Apple
 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
 	TODO: check
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
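Review bot: the CVE-2009-1716 tag `NOT-FOR-US: CFNetwork in Apple` reads like a cut-off product name and differs from the `NOT-FOR-US: Apple Safari` tag this same commit gives CVE-2009-1704, whose description also begins "CFNetwork in Apple Safari". Using `NOT-FOR-US: Apple Safari` here as well would keep the two CFNetwork entries consistent and greppable under one string.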
@@ -769,15 +771,15 @@
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
 	TODO: check
 CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
 	TODO: check
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
@@ -824,7 +826,7 @@
 CVE-2009-1683
 	RESERVED
 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-1681 (WebKit in Apple Safari before 4.0 does not prevent web sites from ...)
 	TODO: check
 CVE-2009-1680
@@ -1589,7 +1591,7 @@
 CVE-2009-1421
 	RESERVED
 CVE-2009-1420 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
-	TODO: check
+	NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2009-1419 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
 	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
 CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
@@ -6449,7 +6451,7 @@
 CVE-2009-0203
 	RESERVED
 CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0201
 	RESERVED
 CVE-2009-0200
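Review bot: `NOT-FOR-US: Microsoft` on CVE-2009-0202 does not say which product was triaged, and the description is truncated after "PowerPoint Freelance Windows". Neighbouring entries in this file name the product (`IBM DB2`, `HP OpenView Network Node Manager`); naming PowerPoint in the tag would match that and make it clear the FL21WIN.DLL component was what was checked.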
@@ -7823,10 +7825,9 @@
 	- git-core 1:1.5.6-1
 CVE-2008-5515 [Apache Tomcat information disclosure vulnerability]
 	RESERVED
-	- tomcat5 <removed>
-	- tomcat5.5 <unfixed>
-	- tomcat6 <unfixed>
-	TODO: File bug
+	- tomcat5 <removed> (bug #532363)
+	- tomcat5.5 <unfixed> (bug #532366)
+	- tomcat6 6.0.20-1 (bug #532362)
 	NOTE: http://tomcat.apache.org/security-6.html
 	NOTE: http://tomcat.apache.org/security-5.html
 CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
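Review bot: the tomcat6 line changes from `<unfixed>` to the fixed version `6.0.20-1`, which is a status change, but the log message only says "added bug reference" for CVE-2008-5515. Mention the tomcat6 fix in the log so the revision history shows when the package was marked fixed, since anyone auditing the tracker by log message would otherwise miss it.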



